Trganda

#13292 of 53,622
20 Total CVSS
Vulnerabilities · 2
Critical · 2
PT-2025-39922
10
2025-09-29
Knowage · Knowage · CVE-2025-59954
**Name of the Vulnerable Software and Affected Versions**

Knowage versions 8.1.26 and below

**Description**

Knowage is an analytics and business intelligence suite. Versions 8.1.26 and below are susceptible to Remote Code Execution due to the use of an unsafe `org.apache.commons.jxpath.JXPathContext` in the `MetaService.java` service. The issue is addressed in version 8.1.27. The vulnerable component allows for unauthenticated Remote Code Execution with full system impact.

**Recommendations**

Update to Knowage version 8.1.27 or later.

PT-2025-24331
10
2025-01-13
Apache · Apache Kafka · CVE-2025-49127
**Name of the Vulnerable Software and Affected Versions**

- Kafbat UI version 1.0.0
- Kafbat UI versions prior to 1.1.0

**Description**

Kafbat UI is a web user interface designed for managing Apache Kafka clusters. An unsafe deserialization vulnerability exists that allows any unauthenticated user to execute arbitrary code on the server. The issue stems from the application’s dynamic cluster configuration functionality that accepts user-provided JMX endpoints without proper validation.

**Recommendations**

- Kafbat UI version 1.0.0: Upgrade to version 1.1.0 or later to resolve this issue.
- Kafbat UI versions prior to 1.1.0: Upgrade to version 1.1.0 or later to resolve this issue.